Changing the Default Shell for Inbound Secure Shell (SSH) Connections to the IBM i



This document describes how the default shell for inbound SSH connections to the IBM i can be changed.

Resolving The Problem

Shell is a UNIX term for the interactive interface to an operating system. The shell interprets and executes the commands a user enters. The Bourne shell '/QOpenSys/usr/bin/bsh' is the default shell used for inbound SSH connections to the IBM i. The default shell for inbound SSH connections can be changed to either the Korn shell or the C shell.

A new sshd_config option named ibmpaseforishell, specific to the IBM i 4.7p1 implementation of OpenSSH, can be added to specify a different shell to be used for incoming SSH connections. The 4.7p1 implementation of OpenSSH is available on V7R1 machines that have version 7 of the IBM Portable Utilities 5733SC1 installed. To use this option, add it to the sshd_config file. The sshd_config file is stored in the IFS directory below:


The value for the ibmpaseforishell option is the pathname to the shell to be used. Listed below is an example of how the default shell can be changed to the C Shell by adding the ibmpaseforishell option to the sshd_config file:

#PidFile /var/tmp/
#MaxStartups 10

#no default banner path
#Banner /some/path

#ibm pase for IBM i shell
ibmpaseforishell /QOpenSys/usr/bin/csh

#override default of no subsystems
Subsystem sftp /QOpenSys/QIBM/ProdData/SC1/OpenSSH/openssh-4.7p1/libexec/sftp-server

Note: The ibmpaseforishell keyword can also be used to restrict SSH access to the IBM i. In the example below, changing the value of the ibmpaseforishell keyword to the sftp-server file restricts SSH access to the IBM i:

#restrict access to the ibm pase for IBM i shell
ibmpaseforishell /QOpenSys/QIBM/ProdData/SC1/OpenSSH/openssh-4.7p1/libexec/sftp-server
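
The following sh script is an added example, not part of the original IBM document: it reads an sshd_config on standard input, reports the effective ibmpaseforishell value, and classifies it as an interactive shell or as the sftp-server restriction shown above. It assumes the keyword is case-insensitive and that the first uncommented occurrence wins, as for standard sshd_config keywords; the function names and the sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example: report which program sshd_config gives inbound SSH sessions.
DEFAULT_SHELL=/QOpenSys/usr/bin/bsh   # Bourne shell default named in this document

# Read sshd_config on stdin, print the effective ibmpaseforishell value.
# Assumption: keyword is case-insensitive and the first uncommented
# occurrence wins, as for standard sshd_config keywords.
effective_shell() {
    awk -v def="$DEFAULT_SHELL" '
        /^[ \t]*#/ { next }
        tolower($1) == "ibmpaseforishell" && NF >= 2 { print $2; found = 1; exit }
        END { if (!found) print def }'
}

# Classify a shell path by what an inbound session would receive.
classify_shell() {
    case "$1" in
        /*) ;;
        *)  echo invalid; return 0 ;;   # relative path: not a usable setting
    esac
    case "${1##*/}" in
        bsh|ksh|csh) echo interactive ;;  # Bourne, Korn, C shell
        sftp-server) echo sftp-only ;;    # the restriction from the note
        *)           echo unknown ;;
    esac
}

# Print one summary line; exit status 1 flags a value that needs review.
audit() {
    shell=$(effective_shell)
    class=$(classify_shell "$shell")
    echo "ibmpaseforishell=$shell class=$class"
    case "$class" in interactive|sftp-only) return 0 ;; *) return 1 ;; esac
}

# Constructed sample input, modelled on the excerpt in this document.
sample_config() {
    cat <<'EOF'
#MaxStartups 10
#ibm pase for IBM i shell
ibmpaseforishell /QOpenSys/usr/bin/csh
Subsystem sftp /QOpenSys/QIBM/ProdData/SC1/OpenSSH/openssh-4.7p1/libexec/sftp-server
EOF
}

sample_config | audit
# On a V7R2 system: audit < /QOpenSys/QIBM/UserData/SC1/OpenSSH/etc/sshd_config
```

A non-zero exit status from audit means the configured value is neither one of the three shells nor sftp-server and should be reviewed before the SSH daemon is restarted.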

Considerations to Make

  • The SSH daemon (sshd) must be restarted for the changes to take effect.
  • The specified shell will be used for every inbound SSH session to the IBM i. There is no way to specify a shell for individual user profiles in the sshd_config file. If different shells are required for certain users, a login script (~/.profile) can be created for these users, and the desired shell can be inserted into that login script.
  • The OpenSSH implementation 4.7p1 code can be installed on earlier releases of the operating system by installing PTF SI39652 (V5R4) and SI40092 (V6R1).
  • The installation of the PTFs will not change the location of the sshd_config file. For V5R4 machines, the sshd_config file will remain in the openssh-3.5p1 path. For V6R1 machines, the sshd_config file will remain in the openssh-3.8.1p1 path.
  • On V7R2 machines, the sshd_config file resides in the IFS directory /QOpenSys/QIBM/UserData/SC1/OpenSSH/etc.

18 December 2019